Thread: Necessity of installing Standalone due to license?
View Single Post
  #14 (permalink)  
Old 2007-01-06
RayPesek RayPesek is offline
Senior Member
  
Join Date: 2006-03-19
Location: Northern Ohio
Posts: 909
Rep Power: 3
RayPesek has an average reputation (10+)
Default Re: Necessity of installing Standalone due to license?
Hi derspot,

It sort of sounds like you've made up your mind to go ISA and are looking for reasons to justify your discussion. Go for it. It's a pretty decent product if it does what you want it to.

Data compression is very useful on low bandwidth links. Think non-US locations where dial-up is still the primary method or think WindowsMobile devices (yes, SecureClient Mobile is available for them). Or think cellular modems in the US. We have many tablets deployed to field personnel with cell modems and the data compression makes a big difference as they replicate lots of Notes data with digital photos each day.

ISA's firewall client can be used for user auth, but the key point is that it MUST be used to handle complex protocols, whether you want to use it or not and whether you're using user auth or not. I've been using ISA for web proxying and OWA publishing since ISA 2000 SP0 and am about to go from 2004 to 2006.

The Windows Firewall is a luser but it's better than nothing. We use the desktop policy on SC to do things like prevent end users from using SMTP outbound (think virus with its own SMTP engine). We use it to craft customized rules for different groups of users. Despite what the SSL VPN vendors say, IPSec doesn't have to be a wide open path into your internal network unless you have chosen to use a system that doesn't give you any option or you configure it that way.

Don't forget about SecureClient's Visitor Mode, which tunnels IPSec over SSL for environments that only allow web browsing. There's lots of them around the world. We regularly encounter them and watch the Cisco users talking to their Help Desk while we just work with Visitor Mode.

If you're in a SarBox environment, try to figure out how you're going to prove change control with ISA. It's impossible. It doesn't log anything related to policy changes or object changes. It doesn't log anything about log reviews. You will resort to documenting everything you do in a notebook instead of relying on automated processes and then you have to convince the auditors that you really did manually log everything and you did it contemporaneously.

Good luck,

Ray
Reply With Quote